China, Sweden, and what does all the hoo-ha, effort and taxpayers’ money amount to, anyway?

Mon. 25 June 2018

Whilst investigating virtual private network (VPN) services to protect my privacy and the security of my personal data, I explored the website of Private Internet Access (PIA), one service that has several times come to my attention as recommended.

PIA hosts a blog, Privacy News Online, which I’ve found very interesting; they seem genuinely committed to the concept of personal privacy and run all sorts of articles concerning privacy and data security. Two of these articles caught my eye, one about China, where the government is enforcing the installment of a spyware app on mobile devices, and the other is about a Swedish-government data leak of immense proportions.

The Chinese spyware app, which comes well after “The Great Firewall of China” has been established, seems to be limited at this point to the Muslim-majority Xinjiang province, but we all know how these things start, don’t we. It rather reminds me of the UK. The Privacy News Online article is of course thoroughly critical, but it presents the Chinese government’s official PR:

The main function [of the spyware app] is to block pornographic websites, online scams, trojan horses, and phishing sites; to alert users of how much time they spend online; and to enable remote control of one’s home network. The tool is intended to help kids develop a healthy lifestyle by building a safe web filter for the minors.

Britain’s cheeky tech-news website, The Register, weighed in on the story, saying while the “main goal of the app is – or was – to shield minors from inappropriate content and things like viruses ... the Chinese government has repurposed it to act as a mass surveillance tool”. Apparently the app, called Jing Wang (“clean internet”),

...not only blocks specific websites, but also searches a phone’s file storage for “illegal” images and can prevent the installation of other applications. It keeps a copy of chat records and Wi-Fi logins and sends them, along with phone-specific IMEI and SIM details, to a government server.

And anyone caught in Xinjiang without the app on their device is arrested and detained for 10 days.

It seems to me that, with the “Great Firewall of Britain” under construction, Westminster is doing just fine without insisting that UK citizens have such an app installed on their devices, but who knows what the future holds if we keep up the way we are.

More to the point of the here-and-now – at least, by the end of this year to be more precise – the UK’s new adult verification (AV) law has been roundly and consistently criticised for its almost total neglect of the privacy and data security of citizens who sign up to AV services; in short, the government and the adult-content regulator, the British Board of Film Classification, have abdicated responsibility for this vital aspect of modern life, now driven as it is by technology. Instead, they’re leaving it to AV service providers to handle these issues as they see fit. The fact that these are private companies with a vested interest in maximising their profits, including by the aggregating and selling or in other ways monetising the personal information of their customers, seems to have eluded the powers-that-be.

Relevant to the above apparent fact that the UK government doesn’t take citizens’ privacy seriously is the other Privacy News Online article that for some reason jumped out at me on the screen: a story about how a Swedish government department ignored national security and citizen-privacy procedures in outsourcing an IT contract, resulting in a data leak of potentially catastrophic proportions. The responsible senior public servant exited office and received the equivalent of a slap on the wrist. See: How the Swedish administration leaked EU’s secure STESTA intranet to Russia, then tried glossing over it. The BBC reported on this scandal two days later and cited the Privacy News Online article: Sweden data leak ‘a disaster’, says PM (and there are many other sources of news on this scandal that go even deeper into the consequences).

It seems that governments everywhere simply don’t care, and in any case are (like government here) being starved of the funding required to do a proper job in-house rather than outsourcing – which is what Westminster is doing by engaging the BBFC to administer the implementation of AV (at what cost to the taxpayer we don’t know), with the technicalities of providing actual AV services to the public being left to “the market”. So there we have it in a nutshell: British-government-mandated internet censorship outsourced to private companies, paid for by the taxpayer with little or no guarantee of adequate data security and privacy protection.

These are serious problems, and the creation of disasters-in-the-waiting is apparent to even the barely technical such as myself. And I haven’t even touched on the controversies surrounding the perceived need for AV or a Great Firewall of Britain in any other way. And then again there’s the controversy surrounding the very workability of AV. Hence my looking at VPNs. There are other ways in which AV might be rendered superfluous, and The Register in a recent article has highlighted just one: You’ve got pr0n: Yes, smut by email is latest workaround for UK’s looming cock block (although I’m not impressed by the Register’s adoption of the Sun’s term for adult material, “smut”). It makes you wonder what all the hoo-ha, effort and taxpayers money is going to amount to, anyway.